CLAIMS 

What is claimed is: 



1 . A method of automatically generating a keystream segment of an arbitrary location of 
a complete keystreamsof an additive stream cipher, the method comprising the 
computer-implemented steps of: ^ 

receiving a location value that identifies Iflocation of the keystream segment within 
the complete keystrea 

creating and storing a state value^or a leaf node of a balanced binary tree, wherein the 
tree represents the completeiceystream and the leaf node represents the 
keystream segment' at the loeatkm, by a preorder traversal of the tree from root 
node to the leaf node wherein a leftward tree branch transition comprises 
computing a first non-linear functiorKand a rightward tree branch transition 
comprises computing a second non-linear function; 

creating and storing the keystream segment by applying a third function to the state 
value of the leaf node. 



2. A method as recited in Claim 1, further comprising the steps of creating and storing 
the balanced binary tree by creating and storing a stack of h elements wherein the z ,th 
element of said stack stores a state datum for the / th node on a path from a root node of 
the tree to the leaf node. 

3. A method as recited in Claim 2, wherein the step of creating and storing a state value 
for a leaf node comprises the steps of computing and storing a state value for the leaf 
node that is unique with respect to any other state value that is computed at any other 
time for any other leaf node of the tree. 
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4. A method as recited in Clainr£L wherein the steps of computing a first non-linear 
function and computing a seeondifon-linear function comprises the steps of 
computing first and second ne^-un^ar functions that are selected such that a set of all 
state values of all leaf nodes is indistinguishable from a random value. 

The method as recited in Claim 1, wherein each leaf node stores n bits of state 
information, wherein n is a multiple of four. 

6. The method as recked in Claim 1, further comprising the steps of: 

creating and storing sto bits of state information in each leaf node comprising a 

concatenation Vf three nil bit quantities z\ y | x 5 wherein n is a multiple of 
four; \ 

computing the first non-liiiear function a and the second non-linear function b as the 
composition of a diffusion function d with the nonlinear "confusion" functions 
/ and g, wherein a = f\od and b = g ° d and wherein 

f(z\y\x) =2z\S(R(S(r)^IX)A-L(S(L(S(x)))) 

g(z\y\x) = 2z+J\ L~(S(L (S\v)))) \S(R(S (R (Ux)))) 

d(z\y\x) =z \ x+y-*rz \2x\y + z 

c(z\y | jc) = x(By \ 

wherein integer addition modulo two isVtenoted as +, bitwise exclusive-or is denoted 

as © , and bitwise complementation is denoted as □ ; 
wherein the R denotes rotation by n/4 bits tb in a'direction of a least significant bit and 

L denotes rotation by n/4 bits in a dir^ction^of a most significant bit; and 
wherein a nonlinear function S comprises a lookup in, a key-dependent substitution 

table. \ ' 



7. The method as recited in Claim 1, wherein the third ranction comprises computing a 
linear reduction of n bits of the state value to nil bits thereof 
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1 8. A method as recited in Claim 6, wherein the third function comprises computing a 

2 bitwise Boolean exclusive OR of x and y. 

1 9. A method as recited in Claim 6, further comprising the steps of creating and storing 

2 the substitution table S by selecting four invertible functions and storing the four 

3 invertible functions in a concatenated form. 

1 10. A method as recited in Claim 6, further comprising the steps of computing functions / 

2 and g in seven instructions of a central processing unit that can issue two instructions 

3 simultaneously, by using five registers to store values of jc, y, z, a temporary variable, 

4 and a pointer to the substitution table 5. 

1 11. / A method as recited in Claim 6, wherein the substitution table S comprises an array of 

2 / randomly selected integer values. 

1 12. A method as recited in Claim 6, wherein the substitution table S comprises an array of 

2 256 randomly selected 32-bit unsigned integer values. 

1 13. The method as recited in^Claim 1 , further comprising the steps of creating and storing 

2 a key for use by the first non-linear function and the second non-linear function, 

3 wherein the key comprises Viable of randomly selected values. 

1 1 4. The method as recited in Claim l^further comprising the steps of creating and storing, 

2 once and at a time prior to receivingvthe location value, a key for use by the first non- 
3. linear function and the second non-linW function, wherein the key comprises a table 

4 of randomly selected values. \ 
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1 15. The method as recited in Claim 1 , further comprising the steps of creating and storing 

2 a key in the form of a plurality of pseudo-randomly selected invertible functions, 

3 wherein each of the invertible functions maps an 8-bit portion of the state value to an 

4 8-bit quantity for use as a substitute portion of the state value. 



A method as recited in Claim 1, wherein the substitution table S comprises a plurality 
of suovtables, and wherein generating the substitution table comprises (a) setting 
values orthe sub-tables to key-dependent permutations and (b) setting values of one ' 
of the sub-tables to an exclusive OR of itself to the identity permutation. 



5 17. A method of enciphering a plaintext using at least one keystream segment at an 



6 arbitrary location of a complete keystream, the method comprising the computer- 

7 implemented steps of: \ 

8 receiving a segment of a plaintext; 

9 receiving a location value that identifies a location of the keystream segment within 

1 0 the complete keystream; 

1 1 creating and storing a state value for a teaf node of a balanced binary tree, wherein the 

1 2 tree represents the complete keystrehm and the leaf node represents the 

1 3 keystream segment at the location, by aweorder traversal of the tree from root 

14 node to the leaf node wherein a leftward tfi&e branch transition comprises 

1 5 computing a first non-linear function and a rightward tree branch transition 

16 comprises computing a second non-linear function; 

1 7 creating and storing the keystream segment by applying a tm^d function to the state 

1 8 value of the leaf node; 

1 9 enciphering the segment of the plaintext by combining the keystrekn segment with 

20 the segment of the plaintext using a Boolean exclusive OR operation to result 

21 in creating and storing a segment of ciphertext. 
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1 1 8.^\^A method of encrypting an ordered plurality of packets of a network communication 

2 link using at least one keystream segment at an arbitrary location of a complete 

3 keystream, the method comprising the computer-implemented steps of: 

4 receiving a ^packet from among the plurality of packets; 

5 determining a location value that represents a relative location of the packet among 

6 the plurality of packets; 

7 creating and storing a state value for a leaf node of a balanced binary tree, wherein the 

8 tree represents the complete keystream and the leaf node represents a 

9 keystream segment at the relative location, by a preorder traversal of the tree 

1 0 from root node to^e leaf node wherein a leftward tree branch transition 

1 1 comprises computing a first non-linear function and a rightward tree branch 

12 transition comprises computing a second non-linear function; 

13 creating and storing the keystrealn segment by applying a third function to the state 

14 value of the leaf node; \ 

1 5 enciphering the packet by combining the keystream segment with data of the packet 

16 using a Boolean exclusive OR operation to result in creating and storing 

1 7 enciphered packet data. \ 

1 19. A computer-readable medium carrying one or more\sequences of instructions for 

2 automatically generating a keystream segment of an arbitrary location of a complete 

3 keystream of an additive stream cipher, which instruction^, when executed by one or 

4 more processors, cause the one or more processors to carry out the steps of: 

5 receiving a location value that identifies a location of the keystteam segment within 

6 the complete keystream; \ , 

7 creating and storing a state value for a leaf node of a balanced binary^ee, wherein the 

8 tree represents the complete keystream and the leaf node represefcrts the 

9 keystream segment at the location, by a preorder traversal of the trete from root 

1 0 node to the leaf node wherein a leftward tree branch transition comprises 

1 1 computing a first non-linear function and a rightward tree branch transition 

12 comprises computing a second non-linear function; 
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13 creating and storing the keystream segment by applying a third function to the state 

1 4 Value of the leaf node. 
1 \ 

1 20. An apparatus for automatically generating a keystream segment of an arbitrary 

2 location of a complete keystream of an additive stream cipher, comprising: 

3 means for receiving allocation value that identifies a location of the keystream 

4 segment within the complete keystream; 

5 means_for creating and staring a state value for a leaf node of a balanced binary tree, 

6 wherein the tree represents the complete keystream and the leaf node 

7 represents the keystreaiTt segment at the location, by a preorder traversal of the 

8 tree from root node to the leaf node wherein a leftward tree branch transition 

9 comprises computing a first non-linear function and a rightward tree branch 

10 transition comprises computing second non-linear function; 

1 1 means for creating and storing4he keystream segment by applying a third function to 

12 the state value of the leaf node. \ 

1 21 . An apparatus for automatically generating a keystteam segment of an arbitrary 

2 location of a complete keystream of an additive stream cipher, comprising: 

3 a network interface that is coupled to the data network ibr receiving one or more 

4 packet flows therefrom; \ 

5 a processor; \ 

6 one or more stored sequences of instructions which, when executed by the processor, 

7 cause the processor to carry out the steps of: \ 

8 receiving a location value that identifies a location of the keystream segment 

9 within the complete keystream; \ 
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1 0 creating and storing a state value for a leaf node of a balanced binary tree, 

1 1 wherein the^ree represents the complete keystream and the leaf node 

12 represents the Keystream segment at the location, by a preorder 

13 traversal of the trbe from root node to the leaf node wherein a leftward 

14 tree branch transitiohxomprises computing a first non-linear function 

1 5 and a rightward tree branch transition comprises computing a second 

16 non-linear function; \ 

17 creating and storing the keystream segment by applying a third function to the 

1 8 state value of the leaf node. \ 
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